#! /bin/bash

error=0 ; trap "error=$((error|1))" ERR

# add a user account:hmuser
if ! $ROOTCMD getent passwd hmuser ; then
    $ROOTCMD adduser -c "HUMAN USER" hmuser
    $ROOTCMD usermod -p '$1$.cWiG8mO$FXN7lZaghXxjZnhshvqfm/' hmuser
    sed -i '/^root/a\hmuser    ALL=(ALL:ALL) ALL' $target/etc/sudoers
fi

# enable graphical login screen, make run level 5 as default
if [ -f $target/usr/sbin/gdm ]; then
    sed -i -e 's/id:3:initdefault:/id:5:initdefault:/' $target/etc/inittab
    # do not run this tool
    echo "RUN_FIRSTBOOT=NO" > $target/etc/sysconfig/firstboot
fi

sed -i '/kernel.sched_time_avg_ms/d' $target/etc/sysctl.conf
sed -i '/kernel.perf_cpu_time_max_percent/d' $target/etc/sysctl.conf
sed -i '/kernel.numa_balancing/d' $target/etc/sysctl.conf
sed -i '/net.core.default_qdisc/d' $target/etc/sysctl.conf
sed -i '/net.core.bpf_jit_enable/d' $target/etc/sysctl.conf
sed -i '/net.core.netdev_tstamp_prequeue/d' $target/etc/sysctl.conf
sed -i '/net.ipv4.tcp_autocorking/d' $target/etc/sysctl.conf
sed -i '/net.ipv4.tcp_fastopen/d' $target/etc/sysctl.conf

#ln -sf /dev/null $target/etc/systemd/system/multi-user.target.wants/kdump.service
#ln -sf /dev/null $target/etc/systemd/system/gssproxy.service
#ln -sf /dev/null $target/etc/systemd/system/polkit.service
#ln -sf /dev/null $target/etc/systemd/system/network-online.service
#unlink $target/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service
#unlink $target/etc/systemd/system/basic.target.wants/firewalld.service
#unlink $target/etc/systemd/system/multi-user.target.wants/wpa_supplicant.service
#unlink $target/etc/systemd/system/multi-user.target.wants/auditd.service
#unlink $target/etc/systemd/system/dbus-org.freedesktop.NetworkManager.service
#unlink $target/etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service
#unlink $target/etc/systemd/system/multi-user.target.wants/NetworkManager.service
#unlink $target/etc/systemd/system/multi-user.target.wants/tuned.service
#enable rsyslogd
#ln -sf /usr/lib/systemd/system/rsyslog.service $target/etc/systemd/system/multi-user.target.wants/rsyslog.service
#snoopy
#ainsl -a /etc/ld.so.preload '/lib64/snoopy.so'
#ainsl -a /etc/sysconfig/irqbalance 'ENABLED="0"'
ainsl /etc/ssh/ssh_config 'HashKnownHosts yes'
#ainsl /etc/ssh/ssh_config 'Compression yes'
ainsl /etc/ssh/ssh_config 'ServerAliveInterval 60'
ainsl /etc/ssh/ssh_config 'ServerAliveCountMax 5'
ainsl /etc/ssh/ssh_config 'ControlMaster auto'
ainsl /etc/ssh/ssh_config 'ControlPath /tmp/ssh_mux_%h_%p_%r'
ainsl /etc/ssh/ssh_config 'ControlPersist 4h'
       
sed -i 's/#Protocol 2/Protocol 2/' $target/etc/ssh/sshd_config
sed -i 's/^#PermitRootLogin.*$/PermitRootLogin without-password/' $target/etc/ssh/sshd_config
sed -i 's/#PrintLastLog.*$/PrintLastLog yes/' $target/etc/ssh/sshd_config
sed -i 's/X11Forwarding yes/X11Forwarding no/' $target/etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/' $target/etc/ssh/sshd_config
ainsl /etc/ssh/sshd_config 'UseDNS no'
#ainsl /etc/ssh/sshd_config 'PrintMotd no'
#sed -i 's/^.*pam_motd.so/#&/' $target/etc/pam.d/sshd
sed -i '/^driftfile/a\interface ignore wildcard' $target/etc/ntp.conf
ainsl /etc/bashrc 'force_color_prompt=yes'
ainsl /etc/sysconfig/init 'ACTIVE_CONSOLES=/dev/tty[1-2]'
#enable zfs
ainsl -a /etc/modules-load.d/zfs.conf 'zfs'
$ROOTCMD chkconfig kdump off
$ROOTCMD chkconfig iptables off
$ROOTCMD chkconfig ip6tables off
#$ROOTCMD chkconfig auditd on
$ROOTCMD chkconfig rpcbind off
$ROOTCMD chkconfig rpcgssd off
$ROOTCMD chkconfig mdmonitor off
$ROOTCMD chkconfig netfs off
$ROOTCMD chkconfig nfslock off
$ROOTCMD chkconfig rsyslog on
#$ROOTCMD chkconfig arpwatch off
$ROOTCMD chkconfig nscd on
$ROOTCMD chkconfig psacct on
$ROOTCMD chkconfig ntpd on

exit $error
